Git Hound
Hound is a Git plugin that helps prevent sensitive data from being committed into a repository by sniffing potential commits against PCRE regular expressions.
How does it work?
Upon commit, it runs the output of git diff -U0 --staged through the Hound, which matches every added or modified line against your provided list of regular expressions from a local .githound.yml file.
Installation
To install Hound, please use go get. If you don't have Go installed, get it here. If you would like to grab a precompiled binary, head over to the releases page. The precompiled Hound binaries have no external dependencies.
go get github.com/ezekg/git-hound
Compiling
To compile for your operating system, simply run the following from the root of the project directory:
go install
To compile for all platforms using gox, run the following:
gox
Usage
git-hound [<opts>] commit [...]
git-hound [<opts>] sniff [<commit>]
Commit
Sniff changes before committing.
# Sniff changes since last commit and pass to git-commit when clean
git hound commit …
Sniff
You can optionally pass a commit hash or manually pipe a diff for the Hound to sniff.
# Sniff changes since last commit
git hound sniff HEAD
# Sniff entire codebase
git hound sniff
# Sniff entire repo history
git log -p, git hound sniff
Option flags, Flag, Type, Default, Usage, :---------------, :-------, :----------------, :-------------------------------------------, -no-color, bool, false, Disable color output, -config=file, string, .githound.yml, Hound config file, -bin=file, string, git, Executable binary to use for git command, ## Example .githound.yml
# Output warning on match but continue
warn:
- '(?i)user(name)?\W*[:=,]\W*.+$'
- '\/Users\/\w+\/'
# Fail immediately upon match
fail:
- '[''"](?!.*[\s])(?=.*[A-Za-z])(?=.*[0-9])(?=.*[!@#$&*])?.{16,}[''"]'
- '(?i)db_(user(name)?, pass(word)?, name)\W*[:=,]\W*.+$'
- '(?i)pass(word)?\W*[:=,]\W*.+$'
# Skip on matched filename
skip:
- '\.example$'
- '\.sample$'